IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



In Re Application Of: Jari Karjala et al.

Serial No.: 10/608,818

Filed: June 30, 2003

For: METHOD OF IMPLEMENTING SECURE ACCESS

Group A.U.: 2136

Examiner: Okoronkwo, C.C.

Attorney Docket No.: 004770.00134

Confirmation No.: 7985

MISCELLANEOUS STATEMENT CONCERNING COPENDING APPLICATION 

Commissioner for Patents 

Customer Service Window, Mail Stop AF 

Randolph Building 

401 Dulany Street 

Alexandria, VA 22314 



Sir:

Applicants call the Examiner's attention to commonly-owned, copending application 
serial number 10/609,011 (attorney docket number 004770.00133), which application is 
identified in Applicants' specification as related to the present application. So that the Examiner 
can consider whether any double patenting issues are raised, a copy of the currently pending 
claims of application 10/609,011 is attached hereto. Without in any way attempting to limit the 
Examiner's review of the attached, Applicants further call the Examiner's attention to 
currently-pending claims 49-52 of application 10/609,011. 



Respectfully Submitted, 



By: /H. Wayne Porter/ 



H. Wayne Porter 
Registration No. 42,084 



BANNER & WITCOFF, LTD. 
1100 13th Street, N.W., Suite 1200 
Washington, D.C. 20005-4051 
(202) 824-3000 



Dated: April 23, 2008 



Claims pending in application 10/609,011 



1. A method comprising: 

(a) initiating a connection via a publicly accessible network from a wireless device, 
wherein 

the wireless device includes an unprovisioned virtual private network (VPN) 
program and an unprovisioned automatic content updating (ACU) program, and 

the ACU program is configured, upon provisioning, to communicate with one or 
more remotely-located devices on behalf of at least one additional program that is distinct from 
the ACU and VPN programs; 

(b) receiving, in the wireless device and using the connection, information for 
provisioning the ACU program; 

(c) provisioning the ACU program based upon the information received in step (b); 

(d) receiving in the wireless device, via the publicly accessible network and using the 
provisioned ACU program, information for provisioning the VPN program; 

(e) provisioning the VPN program based upon the information received in step (d); and 

(f) creating a secure communication link using the provisioned VPN program. 

2. The method of claim 1, wherein the information received in step (b) comprises an ACU 
certificate corresponding to the wireless device and the information received in step (d) 
comprises a VPN certificate corresponding to the wireless device. 

3. The method of claim 1, further comprising: 

(g) determining whether an update to the VPN program is available; 

(h) receiving the update; and 

(i) implementing the update. 

4. (Canceled) 

5. The method of claim 1, further comprising: 

(g) sending, prior to step (d), a certificate enrollment request for forwarding to an 
external certification authority (CA). 

6. (Canceled) 

7. (Canceled) 

8. The method of claim 1, further comprising: 

(g) determining whether an update is available for the at least one additional program; 

and 

(h) receiving an update for the at least one additional program. 

9. (Canceled) 

10. The method of claim 1, further comprising: 

(g) fetching, from one of the one or more remotely-located devices, content or content 
metadata applicable to the at least one additional program; and 

(h) storing, by the at least one additional program, the fetched content or content 
metadata. 

11. The method of claim 1, wherein the ACU program communicates using a SyncML 
protocol. 

12. The method of claim 1, further comprising: 

(g) storing, in a configuration record for the VPN program, an Internet Access Point 
(IAP) to be used when communicating with one of the one or more remotely-located devices on 
behalf of the VPN program. 

13. The method of claim 1, wherein the ACU program communicates using a simple request- 
response protocol, and wherein a protocol transaction consists of a single request-response pair. 

14. The method of claim 1, further comprising: 

(g) fetching, from one of the one or more remotely-located devices, content metadata 
applicable to the at least one additional program; 

(h) comparing fetched metadata to locally stored metadata; and 

(i) fetching new or updated content from the one of the one or more remotely-located 
devices based upon the comparison. 

15. The method of claim 14, wherein the ACU program includes in fetch requests in steps (g) 
and (i) content identifications (IDs) required by the one of the one or more remotely-located 
devices. 

16. The method of claim 1, further comprising: 

(g) fetching, from multiple databases in one of the one or more remotely-located devices, 
metadata about multiple types of content. 

17. The method of claim 1, wherein the ACU program transmits requests containing 
properties used by one of the one or more remotely-located devices to filter requests. 

18. The method of claim 1, wherein messages generated by the ACU program and 
communicated to one of the one or more remotely-located devices include a message identifier, a 
target database identifier, and a security level. 

19. The method of claim 18, wherein a first security level is required to receive configuration 
information for the VPN program and a second security level is required to receive another type 
of information. 

20. The method of claim 18, wherein at least one message generated by the ACU program 
includes an element indicating that the at least one message is a last message relating to a 
specific task. 

21. The method of claim 18, wherein the ACU program requests configuration information in 
a single message. 

22. The method of claim 1 further comprising, prior to step (b): 

(g) validating and storing a returned certificate corresponding to one of the one or more 
remotely-located devices so as to create a trust relationship with that remotely-located device. 

23. The method of claim 22, further comprising: 

(h) using the certificate stored in step (g) to validate subsequent responses from that 
remotely-located device. 

24. The method of claim 23, wherein: 

the certificate corresponding to the one of the one or more remotely-located 
devices is validated based on a hash calculated over an entire ACU message, except for a 
signature element of that ACU message, 

the hash is signed with a private key held by the one of the one or more 
remotely-located devices, and 

the certificate corresponding to the one of the one or more remotely-located 
devices is included in a first response from the one of the one or more remotely-located devices 
and is used by the wireless device to verify the signature and identify and authenticate a sender. 

25. An apparatus comprising: 

a transceiver configured to provide a wireless interface to a publicly accessible network; 

and 

a processor configured to perform steps that include 

(a) initiating a connection via the publicly accessible network, wherein 

the apparatus includes an unprovisioned virtual private network (VPN) program 
and an unprovisioned automatic content updating (ACU) program, and 

the ACU program is configured, upon provisioning, to communicate with one or 
more remotely-located devices on behalf of at least one additional program that is distinct from 
the ACU and VPN programs, 

(b) receiving, using the connection, information for provisioning the ACU program, 

(c) provisioning the ACU program based upon the information received in step (b), 

(d) receiving, via the publicly accessible network and using the provisioned ACU 
program, information for provisioning the VPN program, 

(e) provisioning the VPN program based upon the information received in step (d), and 

(f) creating a secure communication link using the provisioned VPN program. 

26. The apparatus of claim 25, wherein the information received in step (b) comprises an 
ACU certificate corresponding to the apparatus and information received in step (d) comprises a 
VPN certificate corresponding to the apparatus. 

27. The apparatus of claim 25, wherein the processor is further configured to perform steps 
that include 

(g) determining whether an update to the VPN program is available, 

(h) receiving the update, and 

(i) implementing the update. 

28. (Canceled) 

29. The apparatus of claim 25, wherein the processor is further configured to perform steps 
that include 

(g) sending, prior to step (d), a certificate enrollment request for forwarding to an 
external certification authority (CA). 

30. (Canceled) 

31. (Canceled) 

32. The apparatus of claim 25, wherein the processor is further configured to perform steps 
that include 

(g) determining whether an update is available for the at least one additional program, 

and 

(h) receiving an update for the at least one additional program. 

33. (Canceled) 

34. The apparatus of claim 25, wherein the processor is further configured to perform steps 
that include 

(g) fetching, from one of the one or more remotely-located devices, content or content 
metadata applicable to the at least one additional program, and 

(h) storing, by the at least one additional program, the fetched content or content 
metadata. 

35. The apparatus of claim 25, wherein the ACU program communicates using a SyncML 
protocol. 

36. The apparatus of claim 25, wherein the processor is further configured to perform steps 
that include 

(g) storing, in a configuration record for the VPN program, an Internet Access Point 
(IAP) to be used when communicating with one of the one or more remotely-located devices on 
behalf of the VPN program. 

37. The apparatus of claim 25, wherein the ACU program communicates using a simple 
request-response protocol, and wherein a protocol transaction consists of a single request- 
response pair. 

38. The apparatus of claim 25, wherein the processor is further configured to perform steps 
that include 

(g) fetching, from one of the one or more remotely-located devices, content metadata 
applicable to the at least one additional program, 

(h) comparing fetched metadata to locally stored metadata, and 

(i) fetching new or updated content from the one of the one or more remotely-located 
devices based upon the comparison. 

39. The apparatus of claim 38, wherein the ACU program includes in fetch requests in steps 
(g) and (i) content identifications (IDs) required by the one of the one or more remotely-located 
devices. 

40. The apparatus of claim 25, wherein the processor is further configured to perform steps 
that include 

(g) fetching, from multiple databases in one of the one or more remotely-located devices, 
metadata about multiple types of content. 

41. The apparatus of claim 25, wherein 

the ACU program transmits requests containing properties used by one of the one or more 
remotely-located devices to filter requests. 

42. The apparatus of claim 25, wherein messages generated by the ACU program and 
communicated one of the one or more remotely-located devices include a message identifier, a 
target database identifier, and a security level. 

43. The apparatus of claim 42, wherein a first security level is required to receive 
configuration information for the VPN program and a second security level is required to receive 
another type of information. 

44. The apparatus of claim 42, wherein at least one message generated by the ACU program 
includes an element indicating that the at least one message is a last message relating to a 
specific task. 

45. The apparatus of claim 42, wherein the ACU program requests configuration information 
in a single message. 

46. The apparatus of claim 25, wherein the processor is further configured to perform steps 
that include 

(g) validating and storing a returned certificate corresponding to one of the one or more 
remotely-located devices so as to create a trust relationship with that remotely-located device. 

47. The apparatus of claim 46, wherein the processor is further configured to perform steps 
that include 

(h) using the certificate stored in step (g) to validate subsequent responses from that 
remotely-located device. 

48. A server, comprising: 

an interface to a publicly accessible network; and 
a processor configured to perform steps comprising: 

(a) receiving requests from multiple users for configuration information for locally 
stored application programs used to create secure communication links to the server, the users 
being organized in a hierarchy of child, parent and grandparent groups, each group having a 
corresponding set of secure communication configuration data accessible by the server, each 
child group inheriting properties from its parent group, each parent group inheriting properties its 
grandparent group; 

(b) storing content associated with the groups, with information associated with a 
particular group being accessible to the particular group and to groups inheriting properties from 
the particular group; 

(b) providing configuration information to the users, the configuration information 
provided to each user comprising the configuration data set for each group from which the user 
inherits properties; 

(c) receiving requests from the users for content corresponding to other locally stored 
application programs; and 

(d) providing information to the users of a child group based on the groups from which 
the child group inherits properties. 

49. The method of claim 22, wherein step (g) includes requiring input of multiple characters 
from a user of the wireless device. 

50. The method of claim 49, wherein the multiple characters are a portion of an identifier for 
the certificate corresponding to one of the one or more remotely-located devices. 

51. The apparatus of claim 46, wherein step (g) includes requiring input of multiple 
characters from a user of the apparatus. 

52. The apparatus of claim 51, wherein the multiple characters are a portion of an identifier 
for the certificate corresponding to one of the one or more remotely-located devices. 